CN1972240A - Fast package filter processing method and its apparatus - Google Patents
Fast package filter processing method and its apparatus Download PDFInfo
- Publication number
- CN1972240A CN1972240A CNA2005101238874A CN200510123887A CN1972240A CN 1972240 A CN1972240 A CN 1972240A CN A2005101238874 A CNA2005101238874 A CN A2005101238874A CN 200510123887 A CN200510123887 A CN 200510123887A CN 1972240 A CN1972240 A CN 1972240A
- Authority
- CN
- China
- Prior art keywords
- mask
- module
- packet
- rule
- tabling look
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This invention provides one method for rapid filtering, which comprises the following steps: in each Ethernet data arrival, extracting special section from data pack for mask computation to get index key words; using key word for index operation from mask relative filter list items; getting rule for relative data pack according to list. This invention also provides one rapid filter process device, which comprises extraction module, list process module, list find module and data pack process module.
Description
Technical field
The present invention relates to the network filtering technology, particularly a kind of fast package filter processing method and device thereof based on Ethernet switch.
Background technology
Along with interference networks have the continuous growth that stronger disposal ability requires to the Ethernet equipment of its main supporting body, Ethernet also wants to provide the ability of 2 to 7 layers of processing, stronger priority (QOS) ability that resets except simple data forwarding.These all require Ethernet core exchange chip that 2 to 7 layers Packet Filtering, the function that classification is handled are provided, and need switch that the fast package filter processor of two-forty and disposal ability can be provided.The fast package filter processor of Ethernet core exchange chip employing at present roughly uses two kinds of algorithms to realize, a kind of is the HASH algorithm, as Additive, Rotating, CRC, MD4 etc., because it finds key value very big, the probability that produces conflict sharply increases, all exist about collision probability of about 20%, even the situation of the coupling of mistake can occur.For fear of the repetition of keyword, can't use mask simultaneously.Another kind is BINARYSEARCH (binary search) algorithm, and this method is set up processing data packets rule list item in network processing unit, be also referred to as filtering meter item.When each packet arrived, BINARYSEARCH algorithm operation list item to packet in regular list item adopted binary search to search item by item.If searching the entry number of list item in the regular list item is M, then when packet arrives, in order to find corresponding processing rule, need in regular list item, the header data to packet adopt binary search search operation list item item by item, it is log that list item is searched the needed time
2M.When list item is very big, be difficult to make and search the linear speed that speed reaches port, seriously limited the fast package filter processor treatment effeciency raising and filtering function widely is provided more flexibly, be difficult to satisfy the needs that the network processes of speed that the internet improves constantly and continual renovation is used, also be difficult to be applied in the Gigabit Ethernet core exchange chip.If will satisfy the application of gigabit Ethernet high-speed core exchange, then necessarily require searching of within very short time handle packet, and can expand to the combination of the arbitrary fields content of data packet head, also to support thousands of filtering meter item clauses and subclauses.Therefore need fast package filter processing scheme efficient more and gigabit Ethernet high-speed core exchange flexibly.
Summary of the invention
For solving problems of the prior art, the purpose of this invention is to provide a kind of fast package filter processing method and device thereof, can satisfy the two-forty that the Gigabit Ethernet packet filtering proposes, the list item capacity of field combination, expansion flexibly, the needs of using with the network processes that adapts to speed that the internet improves constantly and continual renovation.
For addressing the above problem, the invention provides a kind of fast package filter processing method, comprising: when each Ethernet data bag arrives, extract the specific fields content from the packet header of packet; The field contents that extracts is carried out mask operation, obtain the keyword of tabling look-up; Utilize keyword in the pairing filtering meter item of its mask zone, to search list item; The rule that draws according to tabling look-up is carried out filter operation to packet.
Wherein mask is corresponding one by one with search key.
Described filtering meter item is divided into N zone according to the quantity N of mask in the mask table, obtain N search key by N mask, sent into respectively in this N distinct area, in the zone, list item is retrieved, searched the rule of coupling by the logic of independently tabling look-up.
The situation that the bar list item hits simultaneously then decides priority level according to the numbering of mask and the regular list item address of being hit, and therefrom filters out the content of operation that finally will carry out on packet.
Result according to the rule match of tabling look-up, to just in the central data Buffer Pool waiting data package carry out the operational processes of rule predetermining, the content of processing comprises that resetting priority (QOS), flow control, access control, destination interface is redirected, is forwarded to CPU, change VLANID, packet discard etc.
Correspondingly, the present invention also provides a kind of fast package filter processing unit, comprises extraction module, the pretreatment module of tabling look-up, table look-up module and processing data packets module, wherein extraction module, extract the field contents of specific bit among the packet packet header that arrives, send in the matching module then; The pretreatment module of tabling look-up is carried out the mask operation to the field contents of each extraction, obtains the keyword that is used to table look-up; Table look-up module utilizes keyword to carry out table lookup operation in the filtering meter item zone of its mask correspondence; The processing data packets module, the rule that draws according to tabling look-up is carried out filter operation to packet.
Described table look-up module is divided into N zone according to the quantity N of mask with whole filtering meter item, N mask obtained N search key to be sent into respectively in this N distinct area, one by one list item is retrieved in the zone by the logic of independently tabling look-up, searched the rule of coupling.
If find corresponding matched rule in described table look-up module, the processing data packets module that the rule of coupling number is sent to subordinate is handled accordingly, otherwise returns the information that can not mate.
The operation that the rule that described processing data packets module draws according to tabling look-up is carried out packet comprises that resetting priority, flow control, access control, destination interface is redirected, is forwarded to CPU, change VLANID, packet discard etc.
The present invention is owing to when each Ethernet data bag arrives, extract corresponding field contents from data packet head, according to the field contents matching operation of tabling look-up, and according to the result of mating packet operated accordingly the matching operation of tabling look-up is finished after.Compared with prior art, the present invention has the following advantages:
(1) because method provided by the invention is divided into N subarea with the entry number M of regular list item, the packet header data compares with each list item in N subarea through the keyword that mask obtains simultaneously, adopt parallel BINARY SEARCH algorithm, be the keyword that draws of each mask operation in the subspace of the regular list item of mask correspondence (its size is M/N) separately independently, parallel table lookup operation, the running time of algorithm original log that serves as reasons
2M shortens to log
2(M/N), shortened the processing time greatly, therefore has higher processing speed, can satisfy the demand that the gigabit Ethernet high-rate fitration is handled, simultaneously owing to introduced mask mechanism, can realize each protocol fields combination in any in the specified byte of packet header with limited list item, improve the flexibility of carrying out the categorical filtering operation greatly.
(2) the fast package filter processing unit of the parallel BINARYSEARCH algorithm structure of employing, can realize the filtration lookup unit of the parallel BINARYSEARCH algorithm of high zoom table, this filtration lookup unit is searched with the linear speed of gigabit ethernet port, and can realize the flexible combination of data packet head field, support the jumbo list item of searching, the present invention supports 1.5K bar filtering meter item, can provide at most to the linear speed of 12 gigabit ethernet ports and one ten thousand mbit ethernet port search, filtration and sort operation.Support total bandwidth and the 33Mpps bag processing speed of 22Gps, has very high advance, be suitable in Gigabit Ethernet core exchange chip, using, the present invention has avoided the use of the content-based address search memory (CAM) of costliness, can go up random access storage device (RAM) by highdensity and use, support the comparison of big key data, can reach very high operating rate by enough lower costs, be very suitable for adopting integrated circuit to realize, have a wide range of applications.
Description of drawings
Fig. 1 is a fast package filter processing method flow chart of the present invention;
Fig. 2 is the particular flow sheet of table lookup operation among Fig. 1;
Fig. 3 is the operational flowchart of data stream being handled according to rule;
Fig. 4 is the block diagram of fast package filter processing unit of the present invention.
Embodiment
Below in conjunction with accompanying drawing the specific embodiment of the present invention is elaborated.
Packet Filtering is a network security protection mechanism, is used for controlling the data that flow out and flow into network.In order to understand Packet Filtering, at first introduce packet.Bag is made up of the agreement of each layer connection, all is made up of packet header and inclusion at each layer bag.Deposit the protocol information relevant in packet header, leave the data message of this one deck at inclusion in this one deck.These data have also comprised the full detail on upper strata.On each layer to the processing of bag be the full detail that will obtain from the upper strata as inclusion, the agreement according to this layer is adding packet header then.The present invention is in order to realize fast and flexible filtering data bag, at first mask table, rule list and flow control meter are set up in the data field in Ethernet switch, in the present embodiment, list item in the mask table is 128, be under 12 the situation at the gigabit port number, rule list adds up to the 12*128 bar, is the 1.5K bar, and the regulation flow control meter is 768.
Fig. 1 is a fast package filter processing method flow chart of the present invention.As shown in Figure 1, from the packet of ethernet port input, extract the content of packet header 72 bytes, and according to the type of information judgment data bags such as port and address and source, destination slogan (S101).Meanwhile, packet will be admitted to the central data Buffer Pool and wait for the result who tables look-up.The content of packet header 72 bytes of extracting is sent to the pretreatment module of each mask correspondence, in pretreatment module, carry out and operation with the final mask of 72 bytes that generated by the mask in the initial mask table in the packet header of extracting, and resulting result is the keyword of finally sending in the table look-up module of tabling look-up (S102).In table look-up module, the keyword of tabling look-up of 72 bytes of sending here from each pretreatment module is sent to the parallel table lookup operation that carries out in the pairing regular subregion of mask separately.The size of each subregion be M/N (M is all list item numbers, and N is the number of mask) (S103).The list item result who obtains according to table lookup operation handles (S104) in the processing data packets module accordingly to packet.
Fig. 2 is the particular flow sheet of table lookup operation among Fig. 1.As shown in Figure 2, obtaining keyword (S201) afterwards, judging whether to carry out table lookup operation (S202), if do not carry out table lookup operation then as not finding processing (S211).After determining to carry out table lookup operation, utilize keyword in the filtering meter item zone of its mask correspondence, to carry out table lookup operation (S203), in this step, in regular subclass, read a list item from the intermediate address value between the address upper and lower bound of rule list subclass at every turn, list item is split into 4 parts, 18 bytes of each part, the keyword of will tabling look-up simultaneously also splits into 4 parts, 18 bytes of each part, four part man-to-man comparisons respectively of 4 parts of list item and the keyword of tabling look-up.Judge whether then all to equate, just all mate (S204), if 4 parts all equate, then list item hits, otherwise judge whether part coupling (S208), if part coupling, then handle (S209) according to the corresponding rule of mask table, comprise the processing rule that keyword and list item partly mate in the mask table, for example comprise the relation (being greater than or less than) of from a high position to the low level, judging the list item and the keyword of tabling look-up, redefine the upper and lower bound of search subset, the operation above repeating according to the result who judges.Also comprise in addition and abandoning or forwarding etc.If matching result promptly is not whole couplings, also part is not mated, and then (S211) do not found in expression.If being 4 parts, the judged result of step S204 all equates, at this moment need the judgment data bag whether to meet flow control requirement (S205), because the granularity traffic requirement of each port is from 1Mbps to 1000Mpbs, meets the requirements and just can carry out processing data packets (S210).The purpose whether the judgment data bag meets the flow control requirement also is to judge whether the scope (S206) of excess flow control table, and the words that do not exceed are then carried out processing data packets (S210), otherwise with data packet discarding or forwarding (S207).Also can occur among the step S203 in the corresponding list item of a mask, duplicating the hit entries situation, just need this moment to judge validity according to the height of address, the high overlay address in address is low, the rule that repeats to hit for different masks, numbering according to mask is judged, mask numbering low effectively, finally generate a checking result, this result is delivered in the rule process module goes.In the step S210 that packet is handled, the processing data packets module is according to the result of the rule match of tabling look-up, to just in the central data Buffer Pool waiting data package carry out the operational processes of rule predetermining, the content of processing generally includes and resets priority (QOS), flow control (granularity is from 1Mbps to 1000Mpbs), access control, destination interface and be redirected, be forwarded to CPU, change VLANID, packet discard or the like.
The rule that draws of tabling look-up will be sent in the processing data packets module, the processing data packets module is operated packet according to the rule that draws of tabling look-up, the operation of supporting at present has: reset priority (QOS), tagged is guaranteed the repair free of charge the PRI that changes bag, and be worth with this and reset COS, reset COS value, revise TOS in the bag, reset the DSCP value that COS value, modification are wrapped with the PRI in the bag with the TOS in the bag; Flow control, its effect are if network manager is wanted to limit from certain subnet or the flow of business of going to certain subnet to certain scope, or limit the certain scope of certain type flow to, and the granularity of Flow Control is from 1Mbps to 1000Mpbs; Access control, its effect are exactly the access rights that give packet, if such as network manager wants to lose all ip business from 10.18.13.xxx, except ICMP bag.As seen IP bag is not to the access rights of 10.18.13.xxx; Be redirected.Just redefine the outbound port number of bag; Rewrite VLANID (VLAN identifier); Copy package is to CPU; Packet loss etc.
The corresponding list item of each byte adopts 16 byte, the operation of using 13 state representation wherein to carry out in the rule list in the present embodiment.Fig. 3 is the operational flowchart of packet being handled according to rule.As shown in Figure 3, when utilizing keyword to find a legal list item in rule list, by judging each state (S303-S313) of list item byte, the processing data packets module is carried out corresponding operation (S314-S324) to packet.
Fig. 4 is the block diagram of fast package filter processing unit of the present invention.When fast package filter processing unit of the present invention arrives at each Ethernet data bag, extract the specific fields content from the packet header of packet, the field contents that extracts is carried out mask operation, obtain the keyword of tabling look-up, utilize keyword to carry out table lookup operation in the filtering meter item zone of its mask correspondence, the rule that draws according to tabling look-up is operated accordingly to packet.As shown in Figure 4, fast package filter processing unit of the present invention comprises extraction module, the pretreatment module of tabling look-up, table look-up module and processing data packets module, wherein extraction module is from the packet of ethernet port input, extract the content of packet header 72 bytes, and, then the header field content of extracting is sent in the matching module according to the type of information judgment data bags such as port and address and source, destination slogan; The pretreatment module of tabling look-up is carried out the mask operation to the field contents of each extraction, obtains the keyword that is used to table look-up; Table look-up module utilizes keyword to carry out table lookup operation in the filtering meter item zone of its mask correspondence; The processing data packets module is operated packet accordingly according to the rule that draws of tabling look-up.Table look-up module is divided into N zone according to the quantity N of mask with whole filtering meter item, N mask obtained N search key to be sent into respectively in this N distinct area, one by one list item is retrieved according to the BINARYSEARCH algorithm in the zone by the logic of independently tabling look-up, searched the rule of coupling.If find corresponding matched rule in table look-up module, the processing module that the rule of coupling number is sent to subordinate is handled accordingly, otherwise returns the information that can not mate.The processing data packets module is operated packet according to the rule that draws of tabling look-up, and comprises that resetting priority (QOS), flow control, access control, destination interface is redirected, is forwarded to CPU, change VLANID, packet discard etc.
Fast package filter processing method of the present invention adopts parallel BINARY SEARCH algorithm to realize that quick filtering meter item searches and mate, and be basic engineering with the method and realized a kind of fast package filter device, fast package filter processing unit of the present invention is supported the filtration to packet header 72 bytes, classification is handled, support the linear speed of 12 gigabit ports and one 10,000,000,000 port to filter, the employing integrated circuit is realized, it is tabled look-up and adopts parallel BINARY SEARCH algorithm, table look-up the used time be log2 (M/N) wherein M be the entry number of total filtering meter item, N is the entry number of the filtration mask that adopts.In Gigabit Ethernet core exchange chip, realize 2 to 7 layers of function that filtration, classification are handled, and can be embedded in the Gigabit Ethernet core exchange chip, satisfied the two-forty of Gigabit Ethernet core exchange, multi-functional, the flexible requirement of multiprocessing.
Claims (9)
1, a kind of fast package filter processing method is characterized in that comprising:
A. when each Ethernet data bag arrives, extract the specific fields content from the packet header of packet;
B. the field contents that extracts is carried out mask operation, obtain the keyword of tabling look-up;
C. utilize keyword in the pairing filtering meter item of its mask zone, to search list item;
D. according to the rule that draws of tabling look-up packet is carried out filter operation.
2, the method for claim 1 is characterized in that: mask is corresponding one by one with search key.
3, method as claimed in claim 1 or 2, it is characterized in that: described filtering meter item is divided into N zone according to the quantity N of mask in the mask table, obtain N search key by N mask, sent into respectively in this N distinct area, list item is retrieved in the zone by the logic of independently tabling look-up, searched the rule of coupling.
4, method as claimed in claim 3, it is characterized in that: if occurred many situations that list item hits simultaneously in the process of searching, then decide priority level, therefrom filter out the content of operation that finally will on packet, carry out according to the numbering of mask and the regular list item address of being hit.
5, method as claimed in claim 4, it is characterized in that: according to the result of the rule match of tabling look-up, to just in the central data Buffer Pool waiting data package carry out the operational processes of rule predetermining, the content of processing comprises that resetting priority (QOS), flow control, access control, destination interface is redirected, is forwarded to CPU, change VLANID, packet discard etc.
6, a kind of fast package filter processing unit is characterized in that comprising: extraction module, the pretreatment module of tabling look-up, table look-up module and processing data packets module, wherein
Extraction module extracts the field contents of specific bit among the packet packet header that arrives, and sends in the matching module then;
The pretreatment module of tabling look-up is carried out the mask operation to the field contents of each extraction, obtains the keyword that is used to table look-up;
Table look-up module utilizes keyword to carry out table lookup operation in the filtering meter item zone of its mask correspondence;
The processing data packets module, the rule that draws according to tabling look-up is carried out filter operation to packet.
7, device as claimed in claim 6, it is characterized in that: described table look-up module is divided into N zone according to the quantity N of mask with whole filtering meter item, N mask obtained N search key to be sent into respectively in this N distinct area, one by one list item is retrieved in the zone by the logic of independently tabling look-up, searched the rule of coupling.
8, as claim 6 or 7 described devices, it is characterized in that: if in described table look-up module, find corresponding matched rule, the processing data packets module that the rule of coupling number is sent to subordinate is handled accordingly, otherwise returns the information that can not mate.
9, device as claimed in claim 8 is characterized in that: the operation that the rule that described processing data packets module draws according to tabling look-up is carried out packet comprises that resetting priority, flow control, access control, destination interface is redirected, is forwarded to CPU, change VLANID, packet discard etc.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2005101238874A CN1972240A (en) | 2005-11-24 | 2005-11-24 | Fast package filter processing method and its apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2005101238874A CN1972240A (en) | 2005-11-24 | 2005-11-24 | Fast package filter processing method and its apparatus |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1972240A true CN1972240A (en) | 2007-05-30 |
Family
ID=38112840
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2005101238874A Pending CN1972240A (en) | 2005-11-24 | 2005-11-24 | Fast package filter processing method and its apparatus |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1972240A (en) |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101841474A (en) * | 2010-04-15 | 2010-09-22 | 华为技术有限公司 | Device for realizing access control lists |
| CN101860531A (en) * | 2010-04-21 | 2010-10-13 | 北京星网锐捷网络技术有限公司 | Filtering rule matching method of data packet and device thereof |
| CN101964759A (en) * | 2010-11-10 | 2011-02-02 | 中国人民解放军国防科学技术大学 | Multiuser-supporting high-speed message diversion method |
| CN102316121A (en) * | 2011-10-19 | 2012-01-11 | 武汉烽火网络有限责任公司 | Filtering matching preprocessing method supporting dynamic extended frame head and device |
| CN102497319A (en) * | 2011-12-13 | 2012-06-13 | 曙光信息产业(北京)有限公司 | System and method for realizing single packet matching by utilizing automaton |
| CN102739537A (en) * | 2012-06-26 | 2012-10-17 | 中兴通讯股份有限公司 | Method and device for forwarding Ethernet packets |
| CN103457824A (en) * | 2012-05-31 | 2013-12-18 | 中兴通讯股份有限公司 | Message processing method and device |
| CN103780460A (en) * | 2014-01-15 | 2014-05-07 | 珠海市佳讯实业有限公司 | System for realizing hardware filtering of TAP device through FPGA |
| CN104243344A (en) * | 2014-10-11 | 2014-12-24 | 网宿科技股份有限公司 | Effective data packet capturing method and request redirection server |
| CN104778197A (en) * | 2014-12-30 | 2015-07-15 | 北京锐安科技有限公司 | Data searching method and device |
| CN101714948B (en) * | 2009-10-27 | 2016-03-30 | 清华大学 | A kind of sorting technique of net bag of multiple domain and device |
| CN105591989A (en) * | 2016-01-25 | 2016-05-18 | 盛科网络(苏州)有限公司 | Chip realization method for reporting protocol message to CPU |
| CN107896193A (en) * | 2017-12-29 | 2018-04-10 | 湖南恒茂高科股份有限公司 | A kind of creation method, lookup method and the look-up table of the look-up table of interchanger |
| CN109347747A (en) * | 2018-11-13 | 2019-02-15 | 锐捷网络股份有限公司 | A kind of data processing method and device |
| CN110177046A (en) * | 2019-04-18 | 2019-08-27 | 中国人民解放军战略支援部队信息工程大学 | Secure exchange chip, implementation method and the network switching equipment based on mimicry thought |
| CN111262812A (en) * | 2018-11-30 | 2020-06-09 | 比亚迪股份有限公司 | Data packet screening method and device |
| WO2020135215A1 (en) * | 2018-12-25 | 2020-07-02 | 中国科学院沈阳自动化研究所 | Handle identification-based data forwarding unit |
| CN113132156A (en) * | 2021-03-31 | 2021-07-16 | 中国人民解放军战略支援部队信息工程大学 | Storage-computation-transmission integrated network function basic platform structure and method |
| CN115474164A (en) * | 2022-08-17 | 2022-12-13 | 上海磐启微电子有限公司 | Bluetooth broadcast filtering method and system |
-
2005
- 2005-11-24 CN CNA2005101238874A patent/CN1972240A/en active Pending
Cited By (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101714948B (en) * | 2009-10-27 | 2016-03-30 | 清华大学 | A kind of sorting technique of net bag of multiple domain and device |
| CN101841474A (en) * | 2010-04-15 | 2010-09-22 | 华为技术有限公司 | Device for realizing access control lists |
| CN101860531A (en) * | 2010-04-21 | 2010-10-13 | 北京星网锐捷网络技术有限公司 | Filtering rule matching method of data packet and device thereof |
| CN101964759A (en) * | 2010-11-10 | 2011-02-02 | 中国人民解放军国防科学技术大学 | Multiuser-supporting high-speed message diversion method |
| CN102316121A (en) * | 2011-10-19 | 2012-01-11 | 武汉烽火网络有限责任公司 | Filtering matching preprocessing method supporting dynamic extended frame head and device |
| CN102316121B (en) * | 2011-10-19 | 2013-11-20 | 武汉烽火网络有限责任公司 | Filtering matching preprocessing method supporting dynamic extended frame head and device |
| CN102497319A (en) * | 2011-12-13 | 2012-06-13 | 曙光信息产业(北京)有限公司 | System and method for realizing single packet matching by utilizing automaton |
| CN103457824A (en) * | 2012-05-31 | 2013-12-18 | 中兴通讯股份有限公司 | Message processing method and device |
| CN102739537A (en) * | 2012-06-26 | 2012-10-17 | 中兴通讯股份有限公司 | Method and device for forwarding Ethernet packets |
| CN102739537B (en) * | 2012-06-26 | 2018-05-15 | 上海佑译信息科技有限公司 | The retransmission method and device of Ethernet data bag |
| CN103780460A (en) * | 2014-01-15 | 2014-05-07 | 珠海市佳讯实业有限公司 | System for realizing hardware filtering of TAP device through FPGA |
| CN103780460B (en) * | 2014-01-15 | 2017-06-30 | 珠海市佳讯实业有限公司 | It is a kind of that the system that TAP device hardwares are filtered is realized by FPGA |
| CN104243344A (en) * | 2014-10-11 | 2014-12-24 | 网宿科技股份有限公司 | Effective data packet capturing method and request redirection server |
| CN104243344B (en) * | 2014-10-11 | 2018-06-19 | 网宿科技股份有限公司 | A kind of effective data packets catching method and request Redirect Server |
| CN104778197A (en) * | 2014-12-30 | 2015-07-15 | 北京锐安科技有限公司 | Data searching method and device |
| CN104778197B (en) * | 2014-12-30 | 2019-02-01 | 北京锐安科技有限公司 | A kind of data search method and device |
| CN105591989A (en) * | 2016-01-25 | 2016-05-18 | 盛科网络(苏州)有限公司 | Chip realization method for reporting protocol message to CPU |
| CN105591989B (en) * | 2016-01-25 | 2019-12-20 | 盛科网络(苏州)有限公司 | Chip implementation method for uploading protocol message to CPU |
| CN107896193A (en) * | 2017-12-29 | 2018-04-10 | 湖南恒茂高科股份有限公司 | A kind of creation method, lookup method and the look-up table of the look-up table of interchanger |
| CN107896193B (en) * | 2017-12-29 | 2020-10-16 | 湖南恒茂高科股份有限公司 | Switch, and creation method and search method of lookup table of switch |
| CN109347747A (en) * | 2018-11-13 | 2019-02-15 | 锐捷网络股份有限公司 | A kind of data processing method and device |
| CN109347747B (en) * | 2018-11-13 | 2021-12-17 | 锐捷网络股份有限公司 | Data processing method and device |
| CN111262812A (en) * | 2018-11-30 | 2020-06-09 | 比亚迪股份有限公司 | Data packet screening method and device |
| WO2020135215A1 (en) * | 2018-12-25 | 2020-07-02 | 中国科学院沈阳自动化研究所 | Handle identification-based data forwarding unit |
| US11456950B2 (en) | 2018-12-25 | 2022-09-27 | Shenyang Institute Of Automation, Chinese Academy Of Sciences | Data forwarding unit based on handle identifier |
| CN110177046A (en) * | 2019-04-18 | 2019-08-27 | 中国人民解放军战略支援部队信息工程大学 | Secure exchange chip, implementation method and the network switching equipment based on mimicry thought |
| CN113132156A (en) * | 2021-03-31 | 2021-07-16 | 中国人民解放军战略支援部队信息工程大学 | Storage-computation-transmission integrated network function basic platform structure and method |
| CN113132156B (en) * | 2021-03-31 | 2022-08-12 | 中国人民解放军战略支援部队信息工程大学 | Storage-computation-transmission integrated network function basic platform structure and method |
| CN115474164A (en) * | 2022-08-17 | 2022-12-13 | 上海磐启微电子有限公司 | Bluetooth broadcast filtering method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1972240A (en) | Fast package filter processing method and its apparatus | |
| CN104348716B (en) | A kind of message processing method and equipment | |
| US6957272B2 (en) | Stackable lookup engines | |
| AU2002217593B2 (en) | Apparatus and method for performing high-speed IP route lookup and managing routing/forwarding tables | |
| US9098601B2 (en) | Ternary content-addressable memory assisted packet classification | |
| US6553000B1 (en) | Method and apparatus for forwarding network traffic | |
| US7436830B2 (en) | Method and apparatus for wire-speed application layer classification of upstream and downstream data packets | |
| CN1846409B (en) | Apparatus and method for carrying out ultraspeed buffer search based on transmission control protocol traffic flow characteristic | |
| CN100433715C (en) | Method for providing different service quality tactics to data stream | |
| US8767757B1 (en) | Packet forwarding system and method using patricia trie configured hardware | |
| CN102487374B (en) | Access control list realization method and apparatus thereof | |
| CN104579940A (en) | Method and apparatus for searching ACL | |
| US7624226B1 (en) | Network search engine (NSE) and method for performing interval location using prefix matching | |
| CN100426791C (en) | Engine apparatus for route forwarding table address searching | |
| CN110035074A (en) | A kind of chip implementing method and device of ACL matching UDF message | |
| CN106713144A (en) | Read-write method of message exit information and forwarding engine | |
| US6970971B1 (en) | Method and apparatus for mapping prefixes and values of a hierarchical space to other representations | |
| US7398278B2 (en) | Prefix processing technique for faster IP routing | |
| JP5050978B2 (en) | Transmission information transfer apparatus and method | |
| Lim et al. | Two-dimensional packet classification algorithm using a quad-tree | |
| US20060198379A1 (en) | Prefix optimizations for a network search engine | |
| CN101114991B (en) | Method for implementing Ethernet based data flow high speed comparison | |
| Yu et al. | A power and throughput-efficient packet classifier with n Bloom filters | |
| US10205658B1 (en) | Reducing size of policy databases using bidirectional rules | |
| Macián et al. | An evaluation of the key design criteria to achieve high update rates in packet classifiers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20070530 |